W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > July 2017

JSON Signatures in OpenBanking (UK)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 8 Jul 2017 13:23:33 +0200
To: Web Payments IG <public-webpayments-ig@w3.org>
Message-ID: <cddedce8-420a-31f2-e0c3-f8dab39e8b82@gmail.com>
Maybe of interest to the Security Task Force:
https://www.openbanking.org.uk/read-write-apis/payment-initiation-api/v1-0-0/#basics-headers

Apparently they use a signature based on a detached JWS supplied as a header parameter and where the data to be signed is simply the HTTP body "as is".

So at this stage we have not less than three entirely different ways of dealing with signed JSON:

- OpenBanking(UK) as described above

- The Linked Data Signature scheme (initially) created by Digitalbazaar and adopted by the Verified Credentials CG: https://github.com/w3c-dvcg/ld-signatures

- My JSON Cleartext Signature scheme: https://cyberphone.github.io/doc/security/jcs.html

Anders
Received on Saturday, 8 July 2017 11:24:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:59 UTC